Installation

Splunk UF unable to send logs getting error- An existing connection was forcibly closed by the remote

Y7698will
New Member

Splunk UF is not sending logs to Splunk. The Splunkd constitutes full of errors and warnings as below.

The telnet connection to DS and Indexers is successful at 8089 and 9997 respectively. It is a windows server and service is up and running




ERROR TcpOutputFd - Read error. An existing connection was forcibly closed by the remote host.
WARN TcpOutputProc - Applying quarantine to ip=**888* port=9997 _numberOfFailures=2
03-28-2022 04:50:44.070 +1100 ERROR TcpOutputFd - Read error. An existing connection was forcibly closed by the remote host.
03-28-2022 04:50:44.070 +1100 WARN TcpOutputProc - Applying quarantine to ip=*8888* port=9997 _numberOfFailures=2

 

 

Labels (3)
0 Karma

pkumar9610
Explorer

Check if tcp port was not setup or setup with wrong port in the inputs.conf file. Adding or correcting the tcp entry and restart Splunk will work. 

Hope this helps !!! Good Luck 

0 Karma

richgalloway
SplunkTrust
SplunkTrust

If you're using SSL, make sure you have the right certificate installed on both ends of the connection.

Check the indexer's logs to see if they offer more information about the problem.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Get Updates on the Splunk Community!

What’s New in Splunk Cloud Platform 9.1.2308?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2308! Analysts can ...

Index This | Why do they call it hyper text?

November 2023 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

State of Splunk Careers 2023: Career Resilience and the Continued Value of Splunk

For the past three years, Splunk has partnered with Enterprise Strategy Group to conduct a survey that gauges ...